I see... I disabled all acls, because I couldn't get past the spf errors
below. (private ip not part of spf). Couldn't figure out how to just
disable spf or make a simple exception.
exim -bh 10.10.4.13
**** SMTP testing session as if from host 10.10.4.13
**** but without any ident (RFC 1413) callback.
**** This is not for real!
>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? no (option unset)
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
>>> using ACL "acl_check_connect"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "drop"
>>> check hosts = +blacklisted_hosts
>>> host in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=2 AND from_address='10.10.4.13';"? no
(end of list)
>>> host in "+blacklisted_hosts"? no (end of list)
>>> drop: condition test failed
>>> processing "accept"
>>> check hosts = +whitelisted_hosts
>>> host in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=1 AND from_address='10.10.4.13';"? no
(end of list)
>>> host in "+whitelisted_hosts"? no (end of list)
>>> accept: condition test failed
>>> processing "defer"
>>> check ratelimit = 250 / 15m / strict
>>> ratelimit condition limit=250 period=900
key=15m/per_mail/strict/10.10.4.13
>>> ratelimit initializing new key's data
>>> ratelimit db updated
>>> ratelimit computed rate 0.0
>>> defer: condition test failed
>>> processing "accept"
>>> accept: condition test succeeded
220 Baruwa 2.0 Wed, 10 Sep 2014 06:12:10 -0500
helo mail.lctn.org
>>> mail.lctn.org in helo_lookup_domains? no (end of list)
>>> using ACL "acl_check_helo"
>>> processing "drop"
>>> check condition = ${if def:sender_helo_name {false}{true}}
>>> = false
>>> drop: condition test failed
>>> processing "drop"
>>> check condition = ${if isip{$sender_helo_name}}
>>> =
>>> drop: condition test failed
>>> processing "accept"
>>> accept: condition test succeeded
250 relay-3.lctn.org Hello mail.lctn.org [10.10.4.13]
mail from:[email protected]
250 OK
rcpt to:[email protected]
>>> using ACL "acl_check_rcpt"
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "drop"
>>> check hosts = +blacklisted_hosts
>>> host in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=2 AND from_address='10.10.4.13';"? no
(end of list)
>>> host in "+blacklisted_hosts"? no (end of list)
>>> drop: condition test failed
>>> processing "drop"
>>> check domains = +blacklisted_domains
>>> lctn.org in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=2 AND from_address='lctn.org';"? no (end
of list)
>>> lctn.org in "+blacklisted_domains"? no (end of list)
>>> drop: condition test failed
>>> processing "drop"
>>> check condition = ${if >{$rcpt_fail_count}{3} {yes}{no}}
>>> = no
>>> drop: condition test failed
>>> processing "drop"
>>> check senders = : postmaster@*
>>> lctn.org in ""? no (end of list)
>>> [email protected] in ": postmaster@*"? no (end of list)
>>> drop: condition test failed
>>> processing "drop"
>>> check domains = +local_domains
>>> lctn.org in "@ : localhost : localhost.localdomain"? no (end of list)
>>> lctn.org in "+local_domains"? no (end of list)
>>> drop: condition test failed
>>> processing "drop"
>>> check domains = !+local_domains
>>> lctn.org in "!+local_domains"? yes (end of list)
>>> check local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
>>> support in "^[./|] : ^.*[@%!] : ^.*/\.\./"? no (end of list)
>>> drop: condition test failed
>>> processing "accept"
>>> check local_parts = postmaster
>>> support in "postmaster"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check hosts = +relay_from_hosts : +relay_sql_hosts
>>> gethostbyname2 looked up these IP addresses:
>>> name=localhost address=::1
>>> name=localhost address=127.0.0.1
>>> gethostbyname2 looked up these IP addresses:
>>> name=localhost.localdomain address=127.0.0.1
>>> host in "localhost : localhost.localdomain"? no (end of list)
>>> host in "pgsql;SELECT address FROM relaysettings WHERE enabled='t'
AND address='10.10.4.13';"? no (end of list)
>>> host in "+relay_from_hosts : +relay_sql_hosts"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check authenticated = *
>>> accept: condition test failed
>>> processing "require"
>>> check domains = +local_domains : +relay_sql_domains
>>> lctn.org in "pgsql;SELECT name FROM relaydomains WHERE
name='lctn.org';"? yes (matched "pgsql;SELECT name FROM relaydomains
WHERE name='lctn.org';")
>>> lctn.org in "+local_domains : +relay_sql_domains"? yes (matched
"+relay_sql_domains")
>>> require: condition test succeeded
>>> processing "accept"
>>> check senders = +whitelisted_addresses
>>> [email protected] in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=1 AND from_address='[email protected]';"? no
(end of list)
>>> [email protected] in "+whitelisted_addresses"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check domains = +whitelisted_domains
>>> lctn.org in "pgsql;SELECT from_address FROM lists WHERE
to_address='any' AND list_type=1 AND from_address='lctn.org';"? no (end
of list)
>>> lctn.org in "+whitelisted_domains"? no (end of list)
>>> accept: condition test failed
>>> processing "drop"
>>> check dnslists = zen.spamhaus.org
>>> DNS list check: zen.spamhaus.org
>>> new DNS lookup for 13.4.10.10.zen.spamhaus.org
>>> DNS lookup for 13.4.10.10.zen.spamhaus.org failed
>>> => that means 10.10.4.13 is not listed at zen.spamhaus.org
>>> drop: condition test failed
>>> processing "drop"
>>> check dnslists = bl.spamcop.net : cbl.abuseat.org
>>> DNS list check: bl.spamcop.net
>>> new DNS lookup for 13.4.10.10.bl.spamcop.net
>>> DNS lookup for 13.4.10.10.bl.spamcop.net failed
>>> => that means 10.10.4.13 is not listed at bl.spamcop.net
>>> DNS list check: cbl.abuseat.org
>>> new DNS lookup for 13.4.10.10.cbl.abuseat.org
>>> DNS lookup for 13.4.10.10.cbl.abuseat.org failed
>>> => that means 10.10.4.13 is not listed at cbl.abuseat.org
>>> drop: condition test failed
>>> processing "drop"
>>> check dnslists = rbl.baruwa.net : rbl.baruwa.net/$sender_address_domain
>>> = rbl.baruwa.net : rbl.baruwa.net/lctn.org
>>> DNS list check: rbl.baruwa.net
>>> new DNS lookup for 13.4.10.10.rbl.baruwa.net
>>> DNS lookup for 13.4.10.10.rbl.baruwa.net failed
>>> => that means 10.10.4.13 is not listed at rbl.baruwa.net
>>> DNS list check: rbl.baruwa.net/lctn.org
>>> new DNS lookup for lctn.org.rbl.baruwa.net
>>> DNS lookup for lctn.org.rbl.baruwa.net failed
>>> => that means lctn.org is not listed at rbl.baruwa.net
>>> drop: condition test failed
>>> processing "drop"
>>> check !verify = reverse_host_lookup
>>> looking up host name to force name/address consistency check
>>> looking up host name for 10.10.4.13
>>> IP address lookup yielded mail.lctn.org
>>> gethostbyname2 looked up these IP addresses:
>>> name=mail.lctn.org address=10.10.4.13
>>> checking addresses for mail.lctn.org
>>> 10.10.4.13 OK
>>> drop: condition test failed
>>> processing "drop"
>>> check domains = +smtp_callback_domains
>>> lctn.org in "pgsql;SELECT name FROM mtasettings where
name='lctn.org' AND smtp_callout='t';"? no (end of list)
>>> lctn.org in "+smtp_callback_domains"? no (end of list)
>>> drop: condition test failed
>>> processing "drop"
>>> check domains = +ldap_domains
>>> lctn.org in "pgsql;SELECT name FROM mtasettings WHERE
name='lctn.org' AND ldap_callout='t';"? no (end of list)
>>> lctn.org in "+ldap_domains"? no (end of list)
>>> drop: condition test failed
>>> processing "deny"
>>> deny: condition test succeeded
550 Please see
http://www.openspf.org/Why?scope=mfrom;[email protected];ip=10.10.4.13
LOG: H=mail.lctn.org [10.10.4.13] F=<[email protected]> rejected RCPT
[email protected]: Please see
http://www.openspf.org/Why?scope=mfrom;[email protected];ip=10.10.4.13
On 09/10/2014 06:09 AM, Andrew Colin Kissa wrote:
On 10 Sep 2014, at 12:56 PM, Raymond Norton <[email protected]> wrote:
ACL is NULL: implicit DENY
That is your issue, you do not have ACL's
acl_not_smtp =
acl_not_smtp_mime =
acl_not_smtp_start =
acl_smtp_auth =
acl_smtp_connect =
acl_smtp_data =
acl_smtp_dkim =
acl_smtp_etrn =
acl_smtp_expn =
acl_smtp_helo =
acl_smtp_mail =
acl_smtp_mailauth =
acl_smtp_mime =
acl_smtp_notquit =
acl_smtp_predata =
acl_smtp_quit =
acl_smtp_rcpt =
acl_smtp_starttls =
acl_smtp_vrfy =
Why did you get the configuration file ?
Both Jeremy's and my sample configuration files do have ACL's enabled.
https://github.com/fluxlabs/baruwa/blob/master/2.0/extras/centos/config/exim/exim.conf#L18
https://github.com/akissa/baruwa2/blob/master/extras/config/exim/exim.conf#L18
_______________________________________________
http://pledgie.com/campaigns/12056
_______________________________________________
http://pledgie.com/campaigns/12056
